General
-
Target
ZXRTBNUOO1.js
-
Size
9KB
-
Sample
211206-vgavlshef3
-
MD5
46d001587dd33056afb6dd4f8ace0310
-
SHA1
6f7b364e422b91bfdc5321fcff95438223da153c
-
SHA256
e913fbfe0af0074695ba3d6d8306f5ab24699df20c0fd2309dc3c3aa80d3271c
-
SHA512
8ce90351d129bb7c999afd8f4ee48f6fed4e710921b9d2597206939b52d335cc97ffb13e859eca5b0721cacd1fce60b2e90392616ea64b43cb430451c318def3
Static task
static1
Behavioral task
behavioral1
Sample
ZXRTBNUOO1.js
Resource
win7-en-20211104
Behavioral task
behavioral2
Sample
ZXRTBNUOO1.js
Resource
win10-en-20211014
Malware Config
Extracted
vjw0rm
http://marshjohn989.duckdns.org:7920
Targets
-
-
Target
ZXRTBNUOO1.js
-
Score
10/10
-
Blocklisted process makes network request
-
Drops startup file
-
Adds Run key to start application
-